End-of-Day report
Timeframe: Tuesday 25-05-2021 18:00 - Wednesday 26-05-2021 18:00
Handler: Dimitri Robl
Co-Handler: Robert Waldner
News
Kaspersky Security Bulletin 2020-2021. EU statistics
The statistics in this report cover the period from May 2020 to April 2021, inclusive.
https://securelist.com/kaspersky-security-bulletin-2020-2021-eu-statistics/102335/
Smart lighting security
RJ45 connections delivering Power over Ethernet are becoming prevalent in light fittings, a result of the lower power demands from LED fittings. This creates potential for uninformed installers to inadvertently bridge network security controls through connecting the light fittings to existing networking equipment. ... Radio protocols can also lead to compromise if not done securely; Bluetooth Classic, BLE, Z-Wave and many other protocols can be exploited if not configured correctly.
https://www.pentestpartners.com/security-blog/smart-lighting-security/
The Attack Path Management Manifesto
The primary goal of Attack Path Management (APM) is to directly solve the problem of Attack Paths. Today, the problem of Attack Paths is felt most acutely in the world of Microsoft Active Directory and Azure Active Directory. These platforms provide the greatest payoff for attackers, since taking control of the fundamental identity platform for an enterprise grants full control of all users, systems, and data in that enterprise.
https://posts.specterops.io/the-attack-path-management-manifesto-3a3b117f5e5
CVE-2021-22909 - Digging into a Ubiquiti Firmware Update bug
Back in February, Ubiquiti released a new firmware update for the Ubiquiti EdgeRouter, fixing CVE-2021-22909/ZDI-21-601. The vulnerability lies in the firmware update procedure and allows a man-in-the-middle (MiTM) attacker to execute code as root on the device by serving a malicious firmware image when the system performs an automatic firmware update. ... The impact of this vulnerability is quite nuanced and worthy of further discussion.
https://www.thezdi.com/blog/2021/5/24/cve-2021-22909-digging-into-a-ubiquiti-firmware-update-bug
Vulnerabilities
VU#799380: Devices supporting Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue disclosure
Devices supporting the Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue disclosure that could allow an attacker to impersonate a legitimate device during pairing.
https://kb.cert.org/vuls/id/799380
CVE-2020-14145
A vulnerability in OpenSSH <= 8.6 allows a man-in-the-middle attack to determine whether a client already has prior knowledge of the remote host's fingerprint. Using this information leak, it is possible to ignore clients which will show an error message during a man-in-the-middle attack, while new clients can be intercepted without alerting them to the man-in-the-middle attack. [...] At the moment, the only option to mitigate this vulnerability is to set HostKeyAlgorithms in your config file.
https://docs.ssh-mitm.at/CVE-2020-14145.html
Security updates: Critical malicious-code vulnerability threatens VMware vCenter Server
The server management software vCenter Server is vulnerable. Attackers could execute malicious code.
https://heise.de/-6054003
Security updates for Wednesday
Security updates have been issued by Arch Linux (djvulibre, dotnet-runtime, dotnet-runtime-3.1, dotnet-sdk, dotnet-sdk-3.1, gupnp, hivex, lz4, matrix-synapse, prometheus, python-pydantic, runc, thunderbird, and websvn), Fedora (composer, moodle, and wordpress), Gentoo (bash, boost, busybox, containerd, curl, dnsmasq, ffmpeg, firejail, gnome-autoar, gptfdisk, icu, lcms, libX11, mariadb, mumble, mupdf, mutt, mysql, nettle, nextcloud-client, opensmtpd, openssh, openvpn, php, postgresql, prosody, rxvt-unicode, samba, screen, smarty, spamassassin, squid, stunnel, tar, tcpreplay, telegram-desktop), openSUSE (Botan), Red Hat (kernel), Slackware (gnutls), SUSE (hivex, libu2f-host, rubygem-actionpack-5_1), Ubuntu (apport, exiv2, libx11).
https://lwn.net/Articles/857352/
Cisco ADE-OS Local File Inclusion Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ade-xcvAQEOZ
Cisco Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG
Cisco Finesse Cross-Site Scripting Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-finesse-strd-xss-bUKqffFW
Cisco Finesse Open Redirect Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-finesse-opn-rdrct-epDeh7R
Cisco DNA Spaces Connector Privilege Escalation Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnasp-conn-prvesc-q6T6BzW
Cisco DNA Spaces Connector Command Injection Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnasp-conn-cmdinj-HOj4YV5n
SSA-119468: Luxion KeyShot Vulnerabilities in Solid Edge
https://cert-portal.siemens.com/productcert/txt/ssa-119468.txt
Security Advisory - Out-of-Bounds Read Vulnerability On Several Huawei Products
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210526-03-dos-en
Security Advisory - Possible Out-Of-Bounds Read Vulnerability in Huawei Products
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210526-02-outbounds-en
Security Advisory - Improper Licenses Management Vulnerability in Some Products
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210407-01-resourcemanagement-en
Security Bulletin: Mitigations are being announced to address CVE-2020-4839 and CVE-2021-29695
https://www.ibm.com/blogs/psirt/security-bulletin-mitigations-are-being-announced-to-address-cve-2020-4839-and-cve-2021-29695/
Security Bulletin: WebSphere Application Server Java Batch is vulnerable to an XML External Entity Injection (XXE) vulnerability (CVE-2021-20492)
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-java-batch-is-vulnerable-to-an-xml-external-entity-injection-xxe-vulnerability-cve-2021-20492/
Security Bulletin: IBM® Db2® 'Check for Updates' process is vulnerable to DLL hijacking (CVE-2019-4588)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-check-for-updates-process-is-vulnerable-to-dll-hijacking-cve-2019-4588/
Security Bulletin: Mitigations are being announced to address CVE-2020-4839 and CVE-2021-29695
https://www.ibm.com/blogs/psirt/security-bulletin-mitigations-are-being-announced-to-address-cve-2020-4839-and-cve-2021-29695-2/
Security Bulletin: Data protection rules and policies are not enforced on virtualized objects
https://www.ibm.com/blogs/psirt/security-bulletin-data-protection-rules-and-policies-are-not-enforced-on-virtualized-objects/
Security Bulletin: This Power System update is being released to address CVE-2021-20487
https://www.ibm.com/blogs/psirt/security-bulletin-this-power-system-update-is-being-released-to-address-cve-2021-20487/
Security Bulletin: Information disclosure vulnerability in WebSphere Application Server Liberty
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vulnerability-in-websphere-application-server-liberty-3/
Security Bulletin: Information disclosure vulnerability in WebSphere Application Server Liberty
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vulnerability-in-websphere-application-server-liberty-2/
Security Bulletin: IBM License Key Server Administration and Reporting Tool is impacted by multiple vulnerabilities in jQuery, Bootstrap and AngularJS
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-license-key-server-administration-and-reporting-tool-is-impacted-by-multiple-vulnerabilities-in-jquery-bootstrap-and-angularjs/
Overview of NGINX vulnerabilities (May 2021)
https://support.f5.com/csp/article/K52559937?utm_source=f5support&utm_medium=RSS
NGINX Plus and Open Source vulnerability CVE-2021-23017
https://support.f5.com/csp/article/K12331123?utm_source=f5support&utm_medium=RSS
Datakit Libraries bundled in Luxion KeyShot
https://us-cert.cisa.gov/ics/advisories/icsa-21-145-01
Rockwell Automation Micro800 and MicroLogix 1400
https://us-cert.cisa.gov/ics/advisories/icsa-21-145-02